Commit Graph

6 Commits

Author SHA1 Message Date
Siavash Sameni
0060b16912 docs: ship in-house RN checkout, scope 5 follow-up tasks (#7-11)
In-house Request Network checkout went fully end-to-end on dev today.
A real 0.01 USDC payment flowed through wallet connect -> approve ->
ERC20FeeProxy.transferFromWithReferenceAndFee -> RN webhook ->
TransactionSafetyProvider -> Payment.status=completed -> page success
state. Tx 0x494c77a29161b5100d8e0b1ac675f1822955d0bb3633ecdbfafb886f84f2f320.

Docs:
- New PRD: Wallet, Multichain, Confirmations, AML, Trezor
  (5 follow-ups, each sized for an independent contributor)
- Updated PRD: Request Network In-House Checkout (phases 0..3 done,
  phase 4 partial, phases 5-6 not started)
- Updated handoff: deployed versions, what is working end-to-end,
  follow-up tasks index

Taskmaster: 5 new top-level tasks (#7..#11) covering ephemeral
destination wallets, multichain proxy registry + USDC/USDT, runtime
confirmation thresholds, optional seller-paid AML screening, and
Trezor signing for admin actions. Tasks are scoped fine-grained so
each is independent enough for kimi to pick up.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-28 15:50:24 +04:00
Siavash Sameni
f03519bbfb docs(arch): capture RN integration constraints and design implications
Four payment-flow concerns surfaced during the RN integration that
need explicit design decisions before scaling:

1. Rabby wallet unsupported by RN's hosted UI - mitigated by
   bringing the checkout screen in-house.
2. RN auto-bridges cross-chain payments via LiFi, costing someone
   money - mitigated by gating chain selection in our own UI based
   on seller-accepted chains.
3. Single shared escrow wallet exposes the whole platform to
   sanctioned-funds taint - needs per-escrow ephemeral wallets and
   a wallet-abstraction layer.
4. The above pushes RN into a notification-only role - viable but
   needs validation tests (webhook reliability, custom destinations,
   API-only pricing) before commitment.
2026-05-27 10:52:26 +04:00
Siavash Sameni
940ad0c655 Add full system audit reports and Telegram Mini App debug handoff
- Three-stream audit (security / logic / performance) with 35+ findings
  derived from actual source code, each with file:line and remediation
- Audit Index cross-references criticals across streams into prioritized
  fix tiers: immediately / before soft launch / before public launch
- Telegram Mini App debug handoff documenting what was implemented and
  all remaining work items with exact file lists and test commands
- Updated architecture, data model, auth API, and registration flow docs
  to reflect Telegram auth, TON wallet, and email verification additions

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-24 17:20:08 +04:00
Siavash Sameni
4cf5c49274 docs(audit): align documentation with post-remediation backend reality
- Update data model enums to match backend models
- Update API reference auth requirements
- Add dispute module references and warning blocks
- Add 2026-05-24 audit remediation callout to Overview
- Generate task breakdowns and audit artifacts
- Add doc alignment report (.taskmaster/reports/)
2026-05-24 11:16:29 +04:00
Siavash Sameni
09ef02c314 fix: repair Mermaid diagram syntax errors and add PRD task plan 2026-05-24 08:07:25 +04:00
moojttaba
0da235ae27 Initial commit: nick docs 2026-05-23 20:35:34 +03:30